The latest installment of Epic vs. Apple has wrapped up in California, with US District Judge Yvonne Gonzalez Rogers telling Apple it has to let Epic use whatever system it likes for in-app transactions and Apple can't stop Epic from telling its customers that you can buy stuff outside of the App Store. Apple has 90 days to comply. Epic probably isn't popping open the champagne however, as Apple's decision to kick them off the App Store is "valid, lawful, and enforceable". So whilst Apple has to let Epic use its own in-app payment platform, it doesn't have to let them on the App Store. The bigger allegation Epic made, that Apple engaged in antitrust behaviour, was not as successful, with Judge Gonzalez Rogers saying that "success is not illegal". Epic has appealed, of course. The Verge has a detailed look at the findings.
Telstra, Optus, TPG, Vocus and Aussie Broadband (i.e: the vast, vast, majority of ISPs) have made a joint submission to the ACCC asking them to force NBN to do a "restructure of how NBN Co accounts for its costs and of the charges it levies to recover them". The telcos give a shit about this as they're currently negotiating wholesale access rates with NBN, who claim they're "currently under-recovering its prudently incurred costs" - i.e: they want to charge ISPs more for access. The ISPs reckon NBN pissed away too much money, which NBN now has to make up for by setting a ridiculously high average revenue per user (aka ARPU) target, that the ISPs argue should be around $30-$35/m, not the $45/m currently charged, let alone an increased $50-$55/m NBN possibly wants. Just another day in the shitshow that is the NBN.
WhatsApp is forging ahead with plans for backing up end-to-end encrypted chats. In a few weeks time WhatsApp users will be able to "generate a 64-digit encryption key to lock their chat backups in the cloud. Users can store the encryption key offline or in a password manager of their choice, or they can create a password that backs up their encryption key in a cloud-based 'backup key vault' that WhatsApp has developed". This closes off a loophole law enforcement use to view encrypted WhatsApp messages, as they'll no longer be able to ask Google, Apple, Dropbox etc for access to a user's account and expect an unencrypted backup of WhatsApp chat logs lying around.
Brian Krebs has a new story about a cybercrime group that is making a killing hacking into people's emails, searching for gift cards and cashing them in before the owner does. They've got it all automated, logging in to IMAP servers with compromised email addresses and passwords, making "between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials". They've got a list of email addresses to search the mailboxes for, like "giftcards@gc.nordstrom.com" and just run a script to look for emails from those addresses then pilfer the codes contained within. I don't know how they verify the gift card hasn't been used yet, but either way, I am in awe of the grift. Just another reminder to enable 2FA and/or use a unique password for your email (or disable IMAP if you purely use webmail) so this type of attack won't work.
📻 Don't Need A Cunt (Like You To Love Me) - Amyl and The Sniffers
😎 The Sizzle is curated by Anthony "@decryption" Agius and emailed every weekday afternoon.
💬 Checked out the paid subscriber only forum? It's a tidy little place to discuss tech with like minded Aussies.
💳 Paid subscriber looking to manage your billing info? Visit the customer portal.
The Sizzle is created on Wathaurong land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.